ComboFix 08-05-15.3 - martin 2008-05-19 21:01:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1051.18.417 [GMT 2:00]
Running from: C:\Users\martin\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\ADSTechnology
C:\Program Files\ADSTechnology\ADSTechnology.exe
C:\Program Files\ADSTechnology\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADSTechnology
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADSTechnology\Uninstall.lnk
.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 19:00 266,296 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT.bck
2008-05-19 19:00 266,296 ----a-w C:\Windows\system32\drivers\APPFCONT.DAT
2008-05-19 19:00 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG.bck
2008-05-19 19:00 1,244 ----a-w C:\Windows\system32\drivers\APPFLTR.CFG
2008-05-19 18:23 --------- d-----w C:\Users\martin\AppData\Roaming\uTorrent
2008-05-18 19:15 --------- d-----w C:\Users\martin\AppData\Roaming\Skype
2008-05-18 19:04 --------- d-----w C:\Program Files\SMPlayer
2008-05-18 14:07 --------- d-----w C:\Program Files\ICQToolbar
2008-05-18 14:06 --------- d-----w C:\Users\martin\AppData\Roaming\PCLiveTV
2008-05-18 14:00 --------- d-----w C:\Users\martin\AppData\Roaming\skypePM
2008-05-18 13:37 --------- d-----w C:\Users\martin\AppData\Roaming\ICQ Toolbar
2008-05-18 12:43 --------- d-----w C:\Program Files\ICQ6
2008-05-18 12:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 12:42 --------- d-----w C:\Users\martin\AppData\Roaming\ICQ
2008-05-18 11:23 --------- d-----w C:\Program Files\Opera
2008-05-18 09:47 --------- d-----w C:\Users\martin\AppData\Roaming\BitTorrent
2008-05-18 09:21 --------- d-----w C:\Program Files\Ashampoo
2008-05-18 07:41 --------- d-----w C:\Program Files\Google
2008-05-17 19:56 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-05-17 19:26 --------- d-----w C:\Program Files\BBoxV2
2008-05-17 19:20 --------- d-----w C:\Program Files\AIMP2
2008-05-17 19:14 --------- d-----w C:\Program Files\r2 Studios
2008-05-17 19:13 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-17 19:13 --------- d-----w C:\Program Files\DivX
2008-05-17 19:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-05-17 19:08 --------- d-----w C:\Program Files\VideoLAN
2008-05-17 18:34 --------- d-----w C:\Program Files\Winamp
2008-05-17 17:52 9,976,718 ----a-w C:\Windows\REGBK00.ZIP
2008-05-17 14:58 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-05-17 14:57 737,280 ----a-w C:\Windows\iun6002.exe
2008-05-17 13:19 --------- d-----w C:\Program Files\FlashGet
2008-05-17 13:11 --------- d-----w C:\Program Files\Defraggler
2008-05-17 12:50 --------- d-----w C:\Program Files\The KMPlayer
2008-05-16 21:35 --------- d-----w C:\Users\martin\AppData\Roaming\FlashGet
2008-05-16 20:32 --------- d-----w C:\Program Files\Trend Micro
2008-05-16 20:31 --------- d-----w C:\Program Files\Flock
2008-05-16 20:18 --------- d-----w C:\Users\martin\AppData\Roaming\Flock
2008-05-14 16:59 --------- d-----w C:\Program Files\BitComet
2008-05-14 16:07 --------- d-----w C:\Users\martin\AppData\Roaming\BSplayer
2008-05-14 16:06 --------- d-----w C:\Program Files\uTorrent
2008-05-14 11:17 --------- d-----w C:\Users\martin\AppData\Roaming\DMCache
2008-05-14 08:50 --------- d-----w C:\Program Files\ExtractNow
2008-05-14 08:35 --------- d-----w C:\Users\martin\AppData\Roaming\ZipGenius
2008-05-14 00:27 --------- d-----w C:\Users\martin\AppData\Roaming\Thunderbird
2008-05-13 21:35 --------- d-----w C:\Program Files\Panda Security
2008-05-13 20:52 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-13 19:10 --------- d-----w C:\Program Files\Windows Mail
2008-05-13 19:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-11 09:25 --------- d-----w C:\Program Files\AC3Filter
2008-05-11 09:24 --------- d-----w C:\Program Files\GNU
2008-05-10 09:52 174 --sha-w C:\Program Files\desktop.ini
2008-05-08 18:37 --------- d-----w C:\Program Files\PC Wizard 2008
2008-05-04 13:02 --------- d-----w C:\Program Files\Microsoft Games
2008-05-04 09:57 --------- d-----w C:\Users\martin\AppData\Roaming\GRETECH
2008-05-04 09:57 --------- d-----w C:\ProgramData\GRETECH
2008-05-04 09:56 --------- d-----w C:\Program Files\GRETECH
2008-05-04 09:51 --------- d-----w C:\Users\martin\AppData\Roaming\RaimaRadio
2008-05-03 21:03 --------- d-----w C:\Users\martin\AppData\Roaming\BSplayer Pro
2008-05-03 15:23 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-03 15:23 --------- d-----w C:\Program Files\Adobe Media Player
2008-05-03 10:50 --------- d-----w C:\Users\martin\AppData\Roaming\TuneUp Software
2008-05-03 10:21 --------- d-----w C:\Users\martin\AppData\Roaming\Ashampoo
2008-05-03 10:20 --------- d-----w C:\ProgramData\ashampoo
2008-05-03 09:59 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-03 09:47 --------- d-----w C:\ProgramData\Nero
2008-05-03 09:47 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-03 08:17 --------- d-----w C:\Program Files\MediaDoctor
2008-05-02 20:12 --------- d-----w C:\Users\martin\AppData\Roaming\Nero
2008-05-01 17:23 --------- d-----w C:\Users\martin\AppData\Roaming\InfraRecorder
2008-05-01 17:12 --------- d-----w C:\Program Files\Ahead
2008-05-01 17:11 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-01 16:20 --------- d-----w C:\ProgramData\Ahead
2008-05-01 12:46 13,880 ----a-w C:\Windows\system32\drivers\COMFiltr.sys
2008-05-01 12:42 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-04-29 18:59 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2008-04-26 08:44 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-26 07:57 --------- d-----w C:\ProgramData\WindowsSearch
2008-04-24 17:11 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-24 11:29 --------- d-----w C:\Users\martin\AppData\Roaming\WebCompiler3
2008-04-24 11:07 --------- d-----w C:\Program Files\ICQLite
2008-04-24 09:18 --------- d-----w C:\Program Files\Yahoo!
2008-04-19 15:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-19 15:13 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-19 15:13 --------- d-----w C:\Program Files\Windows Defender
2008-04-19 15:13 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-19 15:13 --------- d-----w C:\Program Files\Windows Calendar
2008-04-19 14:56 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-19 14:56 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-19 10:30 --------- d-----w C:\ProgramData\AVS4YOU
2008-04-19 10:27 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-04-19 10:26 --------- d-----w C:\Users\martin\AppData\Roaming\Download Manager
2008-04-18 20:44 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-18 20:08 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-18 19:36 --------- d-----w C:\Users\martin\AppData\Roaming\CDBurnerXP_Soft
2008-04-16 11:22 --------- d-----w C:\Program Files\Autodesk
2008-04-13 09:15 --------- d-----w C:\Users\martin\AppData\Roaming\DivX
2008-04-05 08:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2008-05-14 19:02 219952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"VTTimer"="VTTimer.exe" [2006-09-14 18:54 53248 C:\Windows\System32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-04-25 15:41 176128 C:\Windows\System32\VTTrayp.exe]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 18:30 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\PROGRA~1\ICQLite\ICQLite.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\Windows\System32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{927B8A6B-3EDE-4FDE-A54B-56E401AE4EE7}C:\\program files\\t-com softphone slovak\\t-com softphone slovak.exe"= UDP:C:\program files\t-com softphone slovak\t-com softphone slovak.exe:T-Com
"UDP Query User{31ECBB68-DEF4-487D-A7B0-06420BD9B7CA}C:\\program files\\t-com softphone slovak\\t-com softphone slovak.exe"= TCP:C:\program files\t-com softphone slovak\t-com softphone slovak.exe:T-Com
"{59F19ABB-8ED8-4C9A-9600-44B3C2954FB0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{19F9E510-AB53-42F6-99C5-E28B6557903C}C:\\program files\\t-com softphone slovak\\t-com softphone slovak.exe"= UDP:C:\program files\t-com softphone slovak\t-com softphone slovak.exe:T-Com
"UDP Query User{9C296408-0BB8-4520-8C27-AA9644136D39}C:\\program files\\t-com softphone slovak\\t-com softphone slovak.exe"= TCP:C:\program files\t-com softphone slovak\t-com softphone slovak.exe:T-Com
"{1ABC989E-D66B-4195-9E4C-45FAD7014CEE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C37A8942-D2E7-47F1-AD4C-62159ABDBDAC}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{837F9131-311D-4D4F-A4F0-74E0174E5535}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{668BB951-66E5-40BE-A3BA-A70CA58314FD}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{05E4C975-2B37-46CA-AAAE-F3FA8F22F610}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6E4783B8-DCBD-4F53-8FC3-5EF2A57588CB}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{F00844B2-822C-4162-AEF7-C792A7FC37B2}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{131B6E40-9962-4F47-8A40-B7258015C899}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{28DB52FD-0D29-409F-819A-D7E30B98A7FF}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8CDBEC08-7822-4608-873C-418E67D9939E}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C97123A9-CEB9-48E2-AF2C-81DA70D3ABAA}"= Disabled:UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C346BC5C-C777-427A-986F-98D7B4CB23AC}"= Disabled:TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2F8F6CC4-423A-4B0B-8411-8477613A1019}"= Disabled:UDP:C:\Program Files\DNA\btdna.exe:DNA
"{42A4FA02-37E1-4F11-98DC-1966D78A5440}"= Disabled:TCP:C:\Program Files\DNA\btdna.exe:DNA
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\Windows\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R1 APPFLT;App Filter Plugin;C:\Windows\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\Windows\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\Windows\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\Windows\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\Windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2008-01-19 07:55]
R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\Drivers\ShlDrv51.sys [2007-05-23 16:40]
R1 SMSFLT;SMS Filter Plugin;C:\Windows\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\Windows\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-06-06 11:43]
R2 BcmSqlStartupSvc;Spúšťacia služba produktu Business Contact Manager SQL Server;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 10:51]
R2 ComFiltr;Panda Anti-Dialer;C:\Windows\system32\DRIVERS\COMFiltr.sys [2008-05-01 14:46]
R2 cpoint;Panda CPoint Driver;C:\Windows\system32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Internet Security 2008\PskSvc.exe" [2007-03-21 19:32]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]
S3 GoogleDesktopManager-022208-143751;Správca pre program Google Desktop 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-16 22:42]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-19 19:00:00 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-19 21:06:15
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-19 21:07:20
ComboFix-quarantined-files.txt 2008-05-19 19:07:15
Systém nenašiel žiadne hlásenie pod číslom 0x2379 v súbore hlásenia Application.
Systém nenašiel žiadne hlásenie pod číslom 0x2379 v súbore hlásenia Application.
222 --- E O F --- 2008-05-13 19:10:27